Commit d3a81d5

Update shiro authentication docs
1 parent 8be7970 commit d3a81d5

1 file changed

+26
-7
lines changed

docs/security/shiroauthentication.md

Lines changed: 26 additions & 7 deletions
@@ -66,13 +66,17 @@ Finally, you can login using one of the below **username/password** combinations
6666
<center><img src="../assets/themes/zeppelin/img/docs-img/zeppelin-login.png"></center>
6767

6868
```
69-
admin = password1
70-
user1 = password2
71-
user2 = password3
69+
[users]
70+
71+
admin = password1, admin
72+
user1 = password2, role1, role2
73+
user2 = password3, role3
74+
user3 = password4, role2
7275
```
76+
You can set the roles for each users next to the password.
7377

74-
### 5. Groups and permissions (optional)
75-
In case you want to leverage user groups and permissions, use one of the following configuration for LDAP or AD under `[main]` segment in `shiro.ini`
78+
## Groups and permissions (optional)
79+
In case you want to leverage user groups and permissions, use one of the following configuration for LDAP or AD under `[main]` segment in `shiro.ini`.
7680

7781
```
7882
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
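Review bot: In the new `[users]` sample (new lines 69-74), `admin = password1, admin` attaches the `admin` role to an account with a sample password, and the added text never tells readers to replace these values before using the file. Suggest adding a sentence after the block saying the passwords are examples that must be changed, and that `role1`, `role2` and `role3` are placeholder role names. Also, "each users" at new line 76 should read "each user".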
@@ -101,6 +105,21 @@ finance = *
101105
group1 = *
102106
```
103107

104-
All of above configurations are defined in the `conf/shiro.ini` file.
108+
## Secure your Zeppelin information (optional)
109+
By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin.
110+
Sometimes you might want to hide these information for your use case.
111+
Since Shiro provides **url-based security**, you can hide the information by commenting or uncommenting these below lines in `conf/shiro.ini`.
112+
113+
```
114+
[urls]
115+
116+
/api/interpreter/** = authc, roles[admin]
117+
/api/configurations/** = authc, roles[admin]
118+
/api/credential/** = authc, roles[admin]
119+
```
120+
121+
In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and **Configuration** information.
122+
If you want to grant this permission to other users, you can change **roles[ ]** as you defined at `[users]` section.
105123

106-
> **NOTE :** This documentation is originally from [SECURITY-README.md](https://github.com/apache/zeppelin/blob/master/SECURITY-README.md).
124+
<br/>
125+
> **NOTE :** All of the above configurations are defined in the `conf/shiro.ini` file. This documentation is originally from [SECURITY-README.md](https://github.com/apache/zeppelin/blob/master/SECURITY-README.md).
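
Review bot: The paragraph at new line 111 says the information can be hidden "by commenting or uncommenting these below lines", which does not say which state is the restricted one, while the block at new lines 114-118 shows the rules uncommented. Suggest stating outright that the three `/api/...` rules must be present and uncommented for the restriction to apply, and noting that Shiro applies the first matching pattern in `[urls]`, so these rules have to sit above any broader pattern. Wording at new lines 109, 110 and 121 also needs a pass: "anyone who defined in" should be "anyone who is defined in", "these information" should be "this information", and "only who have" should be "only users who have".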
